Fossil SCM

tls: fixes fossil ssl-config load-cert --filename so that the cert and keys are combined and stored in the config table. fossil ui --tls and fossil server --tls now read the certificate from the config table field ssl-cert.

rdb 2022-01-15 08:33 trunk
Commit c2562490d491a656fe3c8f4fce8ffcb1e2dd655964a2f33db77bb0f1cf1ed9db
1 file changed +5 -5
+5 -5
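--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -704,10 +704,12 @@
 ** the PEM format). If there is no ssl-cert setting, then
 ** a built-in self-signed cert is used.
 */
 void ssl_init_server(const char *zCertFile, const char *zKeyFile){
 if( sslIsInit==0 ){
+ db_find_and_open_repository(OPEN_OK_NOT_FOUND|OPEN_SUBSTITUTE,0);
+ db_open_config(1,0);
 const char *zTlsCert;
 SSL_library_init();
 SSL_load_error_strings();
 OpenSSL_add_all_algorithms();
 sslCtx = SSL_CTX_new(SSLv23_server_method());
@@ -905,11 +907,11 @@
 }
 db_unprotect(PROTECT_ALL);
 db_multi_exec(
 "PRAGMA secure_delete=ON;"
 "DELETE FROM config "
- " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-cert-key');"
+ " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-key-file');"
 );
 db_protect_pop();
 }else
 if( strncmp("load-cert",zCmd,nCmd)==0 && nCmd>=4 ){
 int bFN = find_option("filename",0,0)!=0;
@@ -921,11 +923,11 @@
 db_begin_transaction();
 db_unprotect(PROTECT_ALL);
 db_multi_exec(
 "PRAGMA secure_delete=ON;"
 "DELETE FROM config "
- " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-cert-key');"
+ " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-key-file');"
 );
 nHit = 0;
 for(i=3; i<g.argc; i++){
 Blob x;
 int isCert;
@@ -944,11 +946,10 @@
 fossil_fatal("more than one certificate provided");
 }
 haveCert = 1;
 if( bFN ){
 db_set("ssl-cert-file", file_canonical_name_dup(g.argv[i]), 0);
- }else{
 blob_append(&allText, blob_buffer(&x), blob_size(&x));
 }
 if( isKey && !haveKey ){
 haveKey = 1;
 isKey = 0;
@@ -959,11 +960,10 @@
 fossil_fatal("more than one private key provided");
 }
 haveKey = 1;
 if( bFN ){
 db_set("ssl-key-file", file_canonical_name_dup(g.argv[i]), 0);
- }else{
 blob_append(&allText, blob_buffer(&x), blob_size(&x));
 }
 }
 }
 if( !haveCert ){
@@ -973,11 +973,11 @@
 fossil_fatal("missing certificate");
 }
 }else if( !haveKey ){
 fossil_fatal("missing private-key");
 }
- if( !bFN ){
+ if( bFN ){
 db_set("ssl-cert", blob_str(&allText), 0);
 }
 db_protect_pop();
 db_commit_transaction();
 }else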
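Review bot: Without `--filename`, `load-cert` now appears to delete the old settings and store nothing: in the hunks at new lines 946 and 960 both `blob_append(&allText, ...)` calls sit inside `if( bFN ){`, and the last hunk flips the guard to `if( bFN ){`, so the plain path never fills or writes `ssl-cert`. If the combined PEM should always be kept, hoist `blob_append(&allText, blob_buffer(&x), blob_size(&x));` out of both `if( bFN )` blocks and call `db_set("ssl-cert", blob_str(&allText), 0);` unconditionally. Separately, `--filename` now copies the private-key text into the config table in addition to recording its path, so the command help should say so, because the database file then needs the same access protection as the key file itself. In `ssl_init_server` the two added calls come before `const char *zTlsCert;`, leaving a declaration after statements; moving them below it keeps the block tidy. The enclosing functions start and end outside these hunks, so the surrounding control flow is inferred.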
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -704,10 +704,12 @@
704 ** the PEM format). If there is no ssl-cert setting, then
705 ** a built-in self-signed cert is used.
706 */
707 void ssl_init_server(const char *zCertFile, const char *zKeyFile){
708 if( sslIsInit==0 ){
 
 
709 const char *zTlsCert;
710 SSL_library_init();
711 SSL_load_error_strings();
712 OpenSSL_add_all_algorithms();
713 sslCtx = SSL_CTX_new(SSLv23_server_method());
@@ -905,11 +907,11 @@
905 }
906 db_unprotect(PROTECT_ALL);
907 db_multi_exec(
908 "PRAGMA secure_delete=ON;"
909 "DELETE FROM config "
910 " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-cert-key');"
911 );
912 db_protect_pop();
913 }else
914 if( strncmp("load-cert",zCmd,nCmd)==0 && nCmd>=4 ){
915 int bFN = find_option("filename",0,0)!=0;
@@ -921,11 +923,11 @@
921 db_begin_transaction();
922 db_unprotect(PROTECT_ALL);
923 db_multi_exec(
924 "PRAGMA secure_delete=ON;"
925 "DELETE FROM config "
926 " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-cert-key');"
927 );
928 nHit = 0;
929 for(i=3; i<g.argc; i++){
930 Blob x;
931 int isCert;
@@ -944,11 +946,10 @@
944 fossil_fatal("more than one certificate provided");
945 }
946 haveCert = 1;
947 if( bFN ){
948 db_set("ssl-cert-file", file_canonical_name_dup(g.argv[i]), 0);
949 }else{
950 blob_append(&allText, blob_buffer(&x), blob_size(&x));
951 }
952 if( isKey && !haveKey ){
953 haveKey = 1;
954 isKey = 0;
@@ -959,11 +960,10 @@
959 fossil_fatal("more than one private key provided");
960 }
961 haveKey = 1;
962 if( bFN ){
963 db_set("ssl-key-file", file_canonical_name_dup(g.argv[i]), 0);
964 }else{
965 blob_append(&allText, blob_buffer(&x), blob_size(&x));
966 }
967 }
968 }
969 if( !haveCert ){
@@ -973,11 +973,11 @@
973 fossil_fatal("missing certificate");
974 }
975 }else if( !haveKey ){
976 fossil_fatal("missing private-key");
977 }
978 if( !bFN ){
979 db_set("ssl-cert", blob_str(&allText), 0);
980 }
981 db_protect_pop();
982 db_commit_transaction();
983 }else
984
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -704,10 +704,12 @@
704 ** the PEM format). If there is no ssl-cert setting, then
705 ** a built-in self-signed cert is used.
706 */
707 void ssl_init_server(const char *zCertFile, const char *zKeyFile){
708 if( sslIsInit==0 ){
709 db_find_and_open_repository(OPEN_OK_NOT_FOUND|OPEN_SUBSTITUTE,0);
710 db_open_config(1,0);
711 const char *zTlsCert;
712 SSL_library_init();
713 SSL_load_error_strings();
714 OpenSSL_add_all_algorithms();
715 sslCtx = SSL_CTX_new(SSLv23_server_method());
@@ -905,11 +907,11 @@
907 }
908 db_unprotect(PROTECT_ALL);
909 db_multi_exec(
910 "PRAGMA secure_delete=ON;"
911 "DELETE FROM config "
912 " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-key-file');"
913 );
914 db_protect_pop();
915 }else
916 if( strncmp("load-cert",zCmd,nCmd)==0 && nCmd>=4 ){
917 int bFN = find_option("filename",0,0)!=0;
@@ -921,11 +923,11 @@
923 db_begin_transaction();
924 db_unprotect(PROTECT_ALL);
925 db_multi_exec(
926 "PRAGMA secure_delete=ON;"
927 "DELETE FROM config "
928 " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-key-file');"
929 );
930 nHit = 0;
931 for(i=3; i<g.argc; i++){
932 Blob x;
933 int isCert;
@@ -944,11 +946,10 @@
946 fossil_fatal("more than one certificate provided");
947 }
948 haveCert = 1;
949 if( bFN ){
950 db_set("ssl-cert-file", file_canonical_name_dup(g.argv[i]), 0);
 
951 blob_append(&allText, blob_buffer(&x), blob_size(&x));
952 }
953 if( isKey && !haveKey ){
954 haveKey = 1;
955 isKey = 0;
@@ -959,11 +960,10 @@
960 fossil_fatal("more than one private key provided");
961 }
962 haveKey = 1;
963 if( bFN ){
964 db_set("ssl-key-file", file_canonical_name_dup(g.argv[i]), 0);
 
965 blob_append(&allText, blob_buffer(&x), blob_size(&x));
966 }
967 }
968 }
969 if( !haveCert ){
@@ -973,11 +973,11 @@
973 fossil_fatal("missing certificate");
974 }
975 }else if( !haveKey ){
976 fossil_fatal("missing private-key");
977 }
978 if( bFN ){
979 db_set("ssl-cert", blob_str(&allText), 0);
980 }
981 db_protect_pop();
982 db_commit_transaction();
983 }else
984
